Datasette 1.0a33 release: security, plugin and migration fixes

Datasette 1.0a33 was released on June 11, 2026 by Simon Willison. The update is a patch-level release that addresses security fixes, refines plugin loading behavior, and improves database migration handling.

What changed in 1.0a33

The official release notes list a compact set of changes aimed at stability and correctness rather than new features. Key highlights include:

• Security fixes: patches to close one or more vectors identified in the previous alpha, with CVE-level details available in the release notes. Users running public instances are advised to prioritise this update.
• Plugin loading adjustments: changes to how Datasette discovers and loads plugins, intended to reduce startup errors and avoid unexpected plugin ordering in some environments.
• Migration improvements: smoother handling of schema migrations and clearer error messages when migrations fail, which reduces the friction of incremental upgrades.
• Minor API tweaks and bug fixes: small breaking and nonbreaking adjustments to internal APIs, plus general bug fixes found in recent usage and tests.
• Documentation updates: clarifications to upgrade instructions and plugin development guidance.

The release is positioned as backward compatible for most users, but developers who maintain custom plugins or rely on private APIs should review the changelog for specific compatibility notes.

How to upgrade

For most Python-based installations the quickest path is a pip upgrade. The maintainer suggests checking the changelog before upgrading on production systems.

Example pip command:

pip install --upgrade datasette==1.0a33

If Datasette is deployed inside containers, follow your existing build or image update process and run a test deployment in staging before rolling the image to production. For installations using system packages or alternative packaging, consult the release notes linked from the maintainer's announcement for platform-specific guidance.

Plugin authors should run their test suites against 1.0a33 and look for any warnings about deprecated internals or changes in plugin discovery. If a plugin depends on undocumented behavior of the previous alpha, it may require a minor update.

Why it matters

This patch prioritises reliability and safety, the immediate concerns for operators running public-facing Datasette instances. The plugin-loading and migration fixes reduce common upgrade friction, lowering the barrier for administrators to keep instances current. Developers maintaining plugins or integrating Datasette into tooling will need to check the changelog for small API changes before upgrading on production systems.